Polymarket Pmxt Trader

Security checks across malware telemetry and agentic risk

Overview

This is a real-money Polymarket trading automation skill with disclosed credentials, but it lacks strong live-trading controls and includes recurring automation plus automatic redemption behavior.

Review before installing. Use dry-run first, keep position and trade caps very small, use isolated credentials or a limited wallet, and do not enable live or recurring execution unless you accept that it may place trades and redeem positions without asking again.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill advertises use of environment variables and shell-based execution patterns, but it does not declare permissions or capabilities explicitly. That creates a transparency and governance gap: an agent or reviewer may not realize the skill can access secrets or invoke commands, which increases the chance of unsafe execution, secret exposure, or unintended side effects in environments that rely on declared permissions for policy enforcement.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill includes a live-trading mode for a real-money prediction market, but the usage section does not provide an explicit warning that enabling `--live` can execute financial transactions and cause monetary loss. In this context, omission is dangerous because the skill is specifically designed to automate trading, so a user or higher-level agent could trigger irreversible trades without clear informed consent or additional confirmation.

Missing User Warnings

Medium
Confidence: 95%
Finding:
When run with `--live`, the skill proceeds to account-affecting trade execution without an explicit interactive confirmation or secondary safeguard. In an agentic or automated environment, this increases the chance of unintended real-money trades from misconfiguration, accidental invocation, or overly broad automation.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill automatically calls `auto_redeem()` before trading without prior warning or user confirmation. Redemption changes account state and may have financial or operational consequences, so performing it implicitly is risky in unattended execution contexts.

VirusTotal

VirusTotal findings are pending for this skill version.
